CVE-2007-0134

Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute arbitrary code via the action parameter, which is supplied to an eval function call in (1) cart.php and (2) page.php. NOTE: a later report and CVE analysis indicate that the vulnerability is present in 1.4.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:igeneric:ig_shop:1.0:*:*:*:*:*:*:*
cpe:2.3:a:igeneric:ig_shop:1.4:*:*:*:*:*:*:*

History

21 Nov 2024, 00:25

Type Values Removed Values Added
References () http://osvdb.org/33387 - () http://osvdb.org/33387 -
References () http://osvdb.org/33388 - () http://osvdb.org/33388 -
References () http://packetstormsecurity.nl/0701-exploits/igshop10-multiple.txt - Exploit () http://packetstormsecurity.nl/0701-exploits/igshop10-multiple.txt - Exploit
References () http://secunia.com/advisories/23604 - Vendor Advisory () http://secunia.com/advisories/23604 - Vendor Advisory
References () http://www.attrition.org/pipermail/vim/2007-June/001664.html - () http://www.attrition.org/pipermail/vim/2007-June/001664.html -
References () http://www.securityfocus.com/archive/1/456043/100/0/threaded - () http://www.securityfocus.com/archive/1/456043/100/0/threaded -
References () http://www.securityfocus.com/archive/1/471722/100/0/threaded - () http://www.securityfocus.com/archive/1/471722/100/0/threaded -
References () http://www.securityfocus.com/bid/21875 - () http://www.securityfocus.com/bid/21875 -
References () http://www.vupen.com/english/advisories/2007/0056 - Vendor Advisory () http://www.vupen.com/english/advisories/2007/0056 - Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/31301 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/31301 -
References () https://www.exploit-db.com/exploits/3083 - () https://www.exploit-db.com/exploits/3083 -

Information

Published : 2007-01-09 11:28

Updated : 2024-11-21 00:25


NVD link : CVE-2007-0134

Mitre link : CVE-2007-0134

CVE.ORG link : CVE-2007-0134


JSON object : View

Products Affected

igeneric

  • ig_shop
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')